SECURE APACHE WITH LET'S ENCRYPT SSL CERTIFICATE ON UBUNTU
LET’S ENCRYPT is a certificate authority (CA) that provides free SSL certificates for enabling HTTPS on web servers.
In this blog, we will use CERTBOT to obtain a free SSL certificate for Apache on UBUNTU.
We recommend creating a copy of Apache virtual host files to avoid mistakes and maintains the default files as a backup config.
Step 1 : Install CERTBOT
The first step to install the CERTBOT on your server.
To add the repository run following command in terminal.
sudo apt install python-certbot-apache
Step 2 : Configure SSL Certificate
CERTBOT needs to find the virtual host in Apache configuration for configure SSL.
It's require a ServerName that matches the domain you request a certificate for, we can find that configuration at following path :
To edit / open configure file use nano editor, use following command for same :
sudo nano /etc/apache2/sites-available/000-default.conf
Now find ServerName & put domain name after that, if you not found ServerName then add this at end of file.
Save & exit nano editor by control + X.
Now, verify above configuration by following command :
sudo apache2ctl configtest
If you get an error then reopen the file and check for any error.
Next, reload Apache to load the new configuration by following command :
sudo systemctl reload apache2
Step 3 — Enable HTTPS
If system has the firewall enabled, we will need to allow for HTTPS.
We can see current status by following command :
sudo ufw status
To let HTTPS traffic in, we need to allow "Apache full" in system config, run following command one by one :
sudo ufw allow 'Apache Full' sudo ufw delete allow 'Apache' sudo ufw status
Step 4 : Fetch an SSL Certificate from CERTBOT
Fetch SSL certificate for domain by following, replace your domain name in following :
sudo certbot --apache -d domain.com -d www.domain.com
Above command will ask for some option like redirect all traffic to HTTPS or not. Select your option and go ahead.
When process done CERTBOT will show some information about your domain with SSL certificate.
Now, check your domain with https://domain.com.